recog 2.3.18 → 2.3.22

Files changed (73) hide show
  1. checksums.yaml +4 -4
  2. data/.github/dependabot.yml +8 -0
  3. data/.github/workflows/ci.yml +26 -0
  4. data/.github/workflows/verify.yml +89 -0
  5. data/CONTRIBUTING.md +6 -0
  6. data/README.md +17 -0
  7. data/bin/recog_standardize +33 -12
  8. data/bin/recog_verify +1 -2
  9. data/cpe-remap.yaml +355 -200
  10. data/features/verify.feature +14 -14
  11. data/identifiers/README.md +24 -10
  12. data/identifiers/fields.txt +105 -0
  13. data/identifiers/hw_device.txt +8 -0
  14. data/identifiers/hw_family.txt +19 -0
  15. data/identifiers/hw_product.txt +122 -0
  16. data/identifiers/os_device.txt +2 -1
  17. data/identifiers/os_family.txt +3 -0
  18. data/identifiers/os_product.txt +46 -8
  19. data/identifiers/service_family.txt +10 -1
  20. data/identifiers/service_product.txt +90 -2
  21. data/identifiers/vendor.txt +104 -0
  22. data/lib/recog/db.rb +2 -1
  23. data/lib/recog/fingerprint.rb +18 -5
  24. data/lib/recog/nizer.rb +1 -82
  25. data/lib/recog/verifier.rb +5 -5
  26. data/lib/recog/verifier_factory.rb +3 -3
  27. data/lib/recog/verify_reporter.rb +14 -4
  28. data/lib/recog/version.rb +1 -1
  29. data/requirements.txt +1 -1
  30. data/spec/lib/fingerprint_self_test_spec.rb +1 -0
  31. data/spec/lib/recog/verify_reporter_spec.rb +69 -0
  32. data/tools/dev/hooks/pre-commit +21 -0
  33. data/update_cpes.py +19 -6
  34. data/xml/apache_modules.xml +60 -0
  35. data/xml/apache_os.xml +38 -38
  36. data/xml/dhcp_vendor_class.xml +206 -0
  37. data/xml/dns_versionbind.xml +11 -1
  38. data/xml/favicons.xml +270 -45
  39. data/xml/ftp_banners.xml +89 -64
  40. data/xml/h323_callresp.xml +99 -99
  41. data/xml/hp_pjl_id.xml +3 -3
  42. data/xml/html_title.xml +1051 -62
  43. data/xml/http_cookies.xml +294 -85
  44. data/xml/http_servers.xml +551 -122
  45. data/xml/http_wwwauth.xml +139 -43
  46. data/xml/imap_banners.xml +8 -8
  47. data/xml/ldap_searchresult.xml +1 -0
  48. data/xml/mdns_device-info_txt.xml +720 -27
  49. data/xml/mysql_banners.xml +3 -2
  50. data/xml/nntp_banners.xml +4 -4
  51. data/xml/ntp_banners.xml +79 -65
  52. data/xml/operating_system.xml +6 -6
  53. data/xml/pop_banners.xml +11 -11
  54. data/xml/rsh_resp.xml +3 -3
  55. data/xml/rtsp_servers.xml +7 -0
  56. data/xml/sip_banners.xml +374 -9
  57. data/xml/sip_user_agents.xml +377 -5
  58. data/xml/smb_native_lm.xml +32 -1
  59. data/xml/smb_native_os.xml +160 -33
  60. data/xml/smtp_banners.xml +168 -129
  61. data/xml/smtp_ehlo.xml +1 -1
  62. data/xml/smtp_expn.xml +1 -0
  63. data/xml/smtp_help.xml +10 -10
  64. data/xml/smtp_noop.xml +2 -2
  65. data/xml/smtp_vrfy.xml +1 -0
  66. data/xml/snmp_sysdescr.xml +508 -214
  67. data/xml/snmp_sysobjid.xml +25 -25
  68. data/xml/ssh_banners.xml +145 -29
  69. data/xml/telnet_banners.xml +240 -61
  70. data/xml/tls_jarm.xml +162 -0
  71. data/xml/x509_issuers.xml +237 -2
  72. data/xml/x509_subjects.xml +369 -49
  73. metadata +10 -3
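--- a/data/xml/http_wwwauth.xml
+++ b/data/xml/http_wwwauth.xml
@@ -2,6 +2,14 @@
  <fingerprints matches="http_header.wwwauth" protocol="http" database_type="service" preference="0.85">
  <!-- HTTP WWW-Authenticate headers are matched against these patterns to fingerprint HTTP servers. -->
 
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;monit&quot;$">
+ <description>Minot</description>
+ <example>Basic realm="monit"</example>
+ <param pos="0" name="service.vendor" value="Tildeslash"/>
+ <param pos="0" name="service.product" value="Monit"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:tildeslash:monit:-"/>
+ </fingerprint>
+
  <fingerprint pattern="^(?:Basic|Digest) realm=&quot;access&quot;$">
  <description>Cisco IOS 11.x</description>
  <example>Basic realm="access"</example>
@@ -70,7 +78,7 @@
  <param pos="1" name="hw.product"/>
  </fingerprint>
 
- <fingerprint pattern="^(?:Basic|Digest) realm=&quot;Cisco_CCSP_CWMP_TCPCR&quot;.*$">
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;Cisco_CCSP_CWMP_TCPCR&quot;">
  <description>Generic Cisco CWMP/CPE equipment</description>
  <example>Basic realm="Cisco_CCSP_CWMP_TCPCR"</example>
  <param pos="0" name="hw.vendor" value="Cisco"/>
@@ -89,7 +97,7 @@
  <param pos="0" name="os.product" value="Firewall-1"/>
  </fingerprint>
 
- <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;cpanel&quot;.*">
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;cpanel&quot;">
  <description>cPanel</description>
  <example>Basic realm="cPanel"</example>
  <param pos="0" name="service.vendor" value="cPanel"/>
@@ -106,7 +114,7 @@
  <param pos="0" name="os.device" value="Power Device"/>
  </fingerprint>
 
- <fingerprint pattern="^(?:Basic|Digest) realm=&quot;ADSL\S* (?:Modem|Router|Modem/Router)&quot;.*$">
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;ADSL\S* (?:Modem|Router|Modem/Router)&quot;">
  <description>Generic ADSL modems/routers</description>
  <example>Basic realm="ADSL Modem"</example>
  <example>Basic realm="ADSL Modem/Router"</example>
@@ -115,19 +123,19 @@
  <param pos="0" name="hw.device" value="ADSL Modem"/>
  </fingerprint>
 
- <fingerprint pattern="^(?:Basic|Digest) realm=&quot;Broadband Router&quot;.*$">
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;Broadband Router&quot;">
  <description>Generic Broadband modems/routers</description>
  <example>Basic realm="Broadband Router"</example>
  <param pos="0" name="hw.device" value="Broadband Router"/>
  </fingerprint>
 
- <fingerprint pattern="^(?:Basic|Digest) realm=&quot;DSL\S* (?:Modem|Router|Modem/Router)&quot;.*$">
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;DSL\S* (?:Modem|Router|Modem/Router)&quot;">
  <description>Generic DSL modems/routers</description>
  <example>Basic realm="DSL Modem"</example>
  <param pos="0" name="hw.device" value="DSL Modem"/>
  </fingerprint>
 
- <fingerprint pattern="^(?:Basic|Digest) realm=&quot;DVR&quot;.*$">
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;DVR&quot;">
  <description>Generic DVR</description>
  <example>Basic realm="DVR"</example>
  <param pos="0" name="hw.device" value="DVR"/>
@@ -135,7 +143,7 @@
 
  <!-- Hikvision is OEMd by a number of DVR manufacturers -->
 
- <fingerprint pattern="^(?:Basic|Digest) realm=&quot;(?i:hikvision)&quot;.*$">
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;(?i:hikvision)&quot;">
  <description>Web server found on DVR and webcam servers sourced from Hikvision</description>
  <example>Basic realm="hikvision"</example>
  <param pos="0" name="service.vendor" value="Hikvision"/>
@@ -146,20 +154,20 @@
  <param pos="0" name="hw.device" value="DVR"/>
  </fingerprint>
 
- <fingerprint pattern="^(?:Basic|Digest) realm=&quot;Merit LILIN Ent\. Co\., Ltd.&quot;.*$">
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;Merit LILIN Ent\. Co\., Ltd.&quot;">
  <description>Merit LILIN generic device</description>
  <example>Basic realm="Merit LILIN Ent. Co., Ltd,"</example>
  <example>Basic realm="Merit LILIN Ent. Co., Ltd."</example>
  <param pos="0" name="hw.vendor" value="Merit LILIN"/>
  </fingerprint>
 
- <fingerprint pattern="^(?:Basic|Digest) realm=&quot;Wireless Access Point&quot;.*$">
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;Wireless Access Point&quot;">
  <description>Generic WAP</description>
  <example>Basic realm="Wireless Access Point"</example>
  <param pos="0" name="hw.device" value="WAP"/>
  </fingerprint>
 
- <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;(?:(?:Cube|(?:Mini )?Dome|Day/Night|PAN/Tilt|POE|IR|HD|H.264|Surveillance|Wired|Wireless(?: N)?|Network|Internet|(?:IP(?:[\s_-])?)?Cameras?[\s_]*\d*) ?){1,4}?(?: Login)?&quot;.*$">
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;(?:(?:Cube|(?:Mini )?Dome|Day/Night|PAN/Tilt|POE|IR|HD|H.264|Surveillance|Wired|Wireless(?: N)?|Network|Internet|(?:IP(?:[\s_-])?)?Cameras?[\s_]*\d*) ?){1,4}?(?: Login)?&quot;">
  <description>Generic IP Cameras</description>
  <example>Basic realm="camera"</example>
  <example>Basic realm="IPCamera Login"</example>
@@ -167,7 +175,7 @@
  <param pos="0" name="hw.device" value="IP Camera"/>
  </fingerprint>
 
- <fingerprint pattern="^(?:Basic|Digest) realm=&quot;(DCS-[^&quot;]+)&quot;.*$">
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;(DCS-[^&quot;]+)&quot;">
  <description>D-Link DCS IP Cameras</description>
  <example hw.product="DCS-5222LB1">Basic realm="DCS-5222LB1"</example>
  <example hw.product="DCS-2530L">Basic realm="DCS-2530L"</example>
@@ -176,7 +184,7 @@
  <param pos="1" name="hw.product"/>
  </fingerprint>
 
- <fingerprint pattern="^(?:Basic|Digest) realm=&quot;GoAhead&quot;.*$">
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;GoAhead&quot;">
  <description>GoAhead webserver</description>
  <example>Basic realm="GoAhead"</example>
  <param pos="0" name="service.vendor" value="Oracle"/>
@@ -184,13 +192,23 @@
  <param pos="0" name="service.family" value="GoAhead Webserver"/>
  </fingerprint>
 
- <fingerprint pattern="^(?:Basic|Digest) realm=&quot;kubernetes-master&quot;.*$">
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;Logitech Media Server&quot;">
+ <description>Logitech Media server</description>
+ <example>Basic realm="Logitech Media Server"</example>
+ <param pos="0" name="service.vendor" value="Logitech"/>
+ <param pos="0" name="service.product" value="Squeezebox"/>
+ </fingerprint>
+
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;kubernetes-master&quot;">
  <description>Kubernetes master nodes</description>
  <example>Basic realm="kubernetes-master"</example>
  <param pos="0" name="service.vendor" value="Kubernetes"/>
+ <param pos="0" name="service.family" value="Kubernetes"/>
+ <param pos="0" name="service.product" value="Kubernetes"/>
+ <param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:kubernetes:-"/>
  </fingerprint>
 
- <fingerprint pattern="(?i)^(?:Basic|Digest) realm=&quot;RUIJIE(?:-CPE)?&quot;.*$">
+ <fingerprint pattern="(?i)^(?:Basic|Digest) realm=&quot;RUIJIE(?:-CPE)?&quot;">
  <description>Ruijie Networks generic</description>
  <example>Digest realm="RUIJIE-CPE"</example>
  <param pos="0" name="hw.vendor" value="Ruijie"/>
@@ -261,7 +279,7 @@
  <param pos="2" name="host.mac"/>
  </fingerprint>
 
- <fingerprint pattern="^(?:Basic|Digest).*realm=&quot;Thomson(?: Gateway)?&quot;.*$">
+ <fingerprint pattern="^(?:Basic|Digest).*realm=&quot;Thomson(?: Gateway)?&quot;">
  <description>Thomson generic devices</description>
  <example>Digest realm="Thomson Gateway"</example>
  <example>Basic realm="Thomson"</example>
@@ -285,7 +303,7 @@
  <param pos="1" name="hw.product"/>
  </fingerprint>
 
- <fingerprint pattern="^(?:Basic|Digest) realm=&quot;HuaweiHomeGateway&quot;.*$">
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;HuaweiHomeGateway&quot;">
  <description>Huawei Home Gateway Routers</description>
  <example>Basic realm="HuaweiHomeGateway"</example>
  <param pos="0" name="hw.vendor" value="Huawei"/>
@@ -293,7 +311,7 @@
  <param pos="0" name="hw.product" value="Home Gateway"/>
  </fingerprint>
 
- <fingerprint pattern="^(?:Basic|Digest) realm=&quot;EchoLife .*&quot;.*$">
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;EchoLife .*&quot;">
  <description>Huawei EchoLife Home Gateways</description>
  <example>Basic realm="EchoLife Portal de Inicio"</example>
  <example>Basic realm="EchoLife Home Gateway"</example>
@@ -318,29 +336,35 @@
 
  <fingerprint pattern="^(?:Basic|Digest) realm=&quot;(TD-[VW8][A-Z0-9]+)(?:| \d+\.\d+)&quot;$">
  <description>TP-LINK SoHo Router - dash variant</description>
- <example>Basic realm="TD-W8901G"</example>
+ <example os.product="TD-W8901G">Basic realm="TD-W8901G"</example>
  <example>Basic realm="TD-8840T 2.0"</example>
- <example>Basic realm="TD-8811"</example>
+ <example hw.product="TD-8811">Basic realm="TD-8811"</example>
  <param pos="0" name="os.vendor" value="TP-LINK"/>
  <param pos="0" name="os.device" value="Router"/>
  <param pos="1" name="os.product"/>
+ <param pos="0" name="hw.vendor" value="TP-LINK"/>
+ <param pos="0" name="hw.device" value="Router"/>
+ <param pos="1" name="hw.product"/>
  </fingerprint>
 
  <fingerprint pattern="^(?:Basic|Digest) realm=&quot;(TD8[A-Z0-9]+)&quot;$">
  <description>TP-LINK SoHo Router</description>
- <example>Basic realm="TD854W"</example>
- <example>Basic realm="TD811"</example>
+ <example os.product="TD854W">Basic realm="TD854W"</example>
+ <example hw.product="TD811">Basic realm="TD811"</example>
  <example>Basic realm="TD821"</example>
  <example>Basic realm="TD841"</example>
  <param pos="0" name="os.vendor" value="TP-LINK"/>
  <param pos="0" name="os.device" value="Router"/>
  <param pos="1" name="os.product"/>
+ <param pos="0" name="hw.vendor" value="TP-LINK"/>
+ <param pos="0" name="hw.device" value="Router"/>
+ <param pos="1" name="hw.product"/>
  </fingerprint>
 
- <fingerprint pattern="^(?:Basic|Digest) realm=&quot;TP-LINK.*(?:Access Point|Extender|AP) ([A-Z0-9\-\+]+)&quot;.*$">
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;TP-LINK.*(?:Access Point|Extender|AP) ([A-Z0-9\-\+]+)&quot;">
  <description>TP-LINK SoHo Router - verbose variant</description>
- <example>Basic realm="TP-LINK Wireless N Access Point WA801N"</example>
- <example>Basic realm="TP-LINK Wireless Range Extender WA830RE"</example>
+ <example os.product="WA801N">Basic realm="TP-LINK Wireless N Access Point WA801N"</example>
+ <example hw.product="WA830RE">Basic realm="TP-LINK Wireless Range Extender WA830RE"</example>
  <example>Basic realm="TP-LINK Wireless Range Extender WA850RE"</example>
  <example>Basic realm="TP-LINK Wireless AP WA501G"</example>
  <example>Basic realm="TP-LINK Wireless N Access Point WA701ND"</example>
@@ -358,9 +382,12 @@
  <param pos="0" name="os.vendor" value="TP-LINK"/>
  <param pos="0" name="os.device" value="WAP"/>
  <param pos="1" name="os.product"/>
+ <param pos="0" name="hw.vendor" value="TP-LINK"/>
+ <param pos="0" name="hw.device" value="WAP"/>
+ <param pos="1" name="hw.product"/>
  </fingerprint>
 
- <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;TP-LINK (.*Router.*)&quot;.*$">
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;TP-LINK (.*Router.*)&quot;">
  <description>TP-LINK Routers</description>
  <example>Basic realm="TP-LINK Wireless N Router WR841N"</example>
  <example>Basic realm="TP-LINK Gigabit Broadband VPN Router R600VPN"</example>
@@ -370,21 +397,21 @@
  <param pos="1" name="hw.product"/>
  </fingerprint>
 
- <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;TP-LINK IP-Camera&quot;.*$">
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;TP-LINK IP-Camera&quot;">
  <description>TP-LINK IP-Cameras</description>
  <example>Basic realm="TP-LINK IP-Camera"</example>
  <param pos="0" name="hw.vendor" value="TP-LINK"/>
  <param pos="0" name="hw.device" value="IP Camera"/>
  </fingerprint>
 
- <fingerprint pattern="(?i)^(?:Basic|Digest) .*realm=&quot;Broadcom Management Service&quot;.*$">
+ <fingerprint pattern="(?i)^(?:Basic|Digest) .*realm=&quot;Broadcom Management Service&quot;">
  <description>Supposedly part of Broadcom Advanced Control Suite 3 (BACS3) or something similar</description>
  <example>Digest qop="auth", realm="Broadcom Management Service", nonce="AAAAAAAAAAAAAP//DwHpMwYy1zc=", algorithm="MD5"</example>
  <param pos="0" name="service.vendor" value="Broadcom"/>
  <param pos="0" name="service.product" value="Management Service"/>
  </fingerprint>
 
- <fingerprint pattern="^(?:Basic|Digest) .*realm=&quot;SWAT&quot;.*$">
+ <fingerprint pattern="^(?:Basic|Digest) .*realm=&quot;SWAT&quot;">
  <description>Samba Web Administration Tool (SWAT)</description>
  <example>Basic realm="SWAT"</example>
  <param pos="0" name="service.vendor" value="Samba"/>
@@ -392,7 +419,7 @@
  <param pos="0" name="service.product" value="SWAT"/>
  </fingerprint>
 
- <fingerprint pattern="^.*(?:Basic|Digest) realm=&quot;SPIP Configuration&quot;.*$">
+ <fingerprint pattern="^.{0,1000}(?:Basic|Digest) realm=&quot;SPIP Configuration&quot;">
  <description>SPIP publishing system (www.spip.net)</description>
  <example>Basic realm="SPIP Configuration", Digest realm="SPIP Configuration", nonce="116761147", algorithm="MD5"</example>
  <param pos="0" name="service.vendor" value="SPIP"/>
@@ -400,7 +427,7 @@
  <param pos="0" name="service.cpe23" value="cpe:/a:spip:spip:-"/>
  </fingerprint>
 
- <fingerprint pattern="^.*(?:Basic|Digest) .*realm=&quot;HP ISEE @ ([^&quot;]+)&quot;.*$">
+ <fingerprint pattern="^.{0,1000}(?:Basic|Digest) .*realm=&quot;HP ISEE @ ([^&quot;]+)&quot;">
  <description>HP Instant Support Enterprise Edition with a hostname</description>
  <example host.name="blah">Basic realm="HP ISEE @ blah"</example>
  <param pos="0" name="service.vendor" value="HP"/>
@@ -408,7 +435,7 @@
  <param pos="1" name="host.name"/>
  </fingerprint>
 
- <fingerprint pattern="^.*(?:Basic|Digest) .*realm=&quot;BIG-IP&quot;.*$">
+ <fingerprint pattern="^.{0,1000}(?:Basic|Digest) .*realm=&quot;BIG-IP&quot;">
  <description>Generic F5 Big-IP</description>
  <example>Basic realm="BIG-IP"</example>
  <param pos="0" name="service.vendor" value="F5"/>
@@ -440,13 +467,13 @@
  <param pos="1" name="os.product"/>
  </fingerprint>
 
- <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;SERCOMM CPE Authentication&quot;.*$">
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;SERCOMM CPE Authentication&quot;">
  <description>Assorted Sercomm CPE devices</description>
  <example>Digest realm="SERCOMM CPE Authentication"</example>
  <param pos="0" name="hw.vendor" value="Sercomm"/>
  </fingerprint>
 
- <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;TiVo DVR&quot;.*$">
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;TiVo DVR&quot;">
  <description>Tivo DVR</description>
  <example>Digest realm="TiVo DVR"</example>
  <param pos="0" name="hw.vendor" value="Tivo"/>
@@ -454,7 +481,7 @@
  <param pos="0" name="hw.device" value="DVR"/>
  </fingerprint>
 
- <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;UBEE&quot;.*$">
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;UBEE&quot;">
  <description>Ubee Cable Modems</description>
  <example>Digest qop="auth", realm="Ubee", nonce="1544738973"</example>
  <param pos="0" name="hw.vendor" value="Ubee"/>
@@ -469,13 +496,13 @@
  <param pos="0" name="service.family" value="Oracle"/>
  </fingerprint>
 
- <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;cpe@zte.com&quot;.*$">
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;cpe@zte.com&quot;">
  <description>Assorted ZTE CPE devices</description>
  <example>Digest realm="cpe@zte.com"</example>
  <param pos="0" name="hw.vendor" value="ZTE"/>
  </fingerprint>
 
- <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;ZXHN (\S+)&quot;.*$">
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;ZXHN (\S+)&quot;">
  <description>ZTE ZXHN router</description>
  <example>Basic realm="ZXHN H108L"</example>
  <param pos="0" name="hw.vendor" value="ZTE"/>
@@ -484,7 +511,7 @@
  <param pos="1" name="hw.product"/>
  </fingerprint>
 
- <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;(ZXV\S* \S+)&quot;.*$">
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;(ZXV\S* \S+)&quot;">
  <description>ZTE ZXV router</description>
  <example hw.product="ZXV10 W300">Basic realm="ZXV10 W300"</example>
  <param pos="0" name="hw.vendor" value="ZTE"/>
@@ -513,7 +540,7 @@
  <param pos="0" name="os.product" value="Linux"/>
  </fingerprint>
 
- <fingerprint pattern="^(?:Basic|Digest) realm=&quot;NETGEAR (Orbi(?:-(?:micro|mini))?)&quot;.*$">
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;NETGEAR (Orbi(?:-(?:micro|mini))?)&quot;">
  <description>Netgear Orbi</description>
  <example hw.product="Orbi">Basic realm="NETGEAR Orbi"</example>
  <example hw.product="Orbi-micro">Basic realm="NETGEAR Orbi-micro"</example>
@@ -524,7 +551,7 @@
  <param pos="1" name="hw.product"/>
  </fingerprint>
 
- <fingerprint pattern="(?:Basic|Digest) realm=&quot;NETGEAR ([a-zA-Z0-9\-\+]+)\s*&quot;.*$">
+ <fingerprint pattern="(?:Basic|Digest) realm=&quot;NETGEAR ([a-zA-Z0-9\-\+]+)\s*&quot;">
  <description>Netgear Routers</description>
  <example hw.product="DG834">Basic realm="NETGEAR DG834 "</example>
  <example hw.product="C7000v2">Basic realm="NETGEAR C7000v2"</example>
@@ -536,7 +563,7 @@
 
  <!-- Fallback to the most generic Netgear match -->
 
- <fingerprint pattern="(?:Basic|Digest) realm=&quot;Netgear&quot;.*$">
+ <fingerprint pattern="(?:Basic|Digest) realm=&quot;Netgear&quot;">
  <description>Netgear Unspecified Router</description>
  <example>Basic realm="Netgear"</example>
  <param pos="0" name="hw.vendor" value="Netgear"/>
@@ -554,7 +581,7 @@
  <param pos="1" name="hw.product"/>
  </fingerprint>
 
- <fingerprint pattern="^(?:Basic|Digest) realm=&quot;[iI]RMC(?:@(IRMC[0-9a-fA-F]{6}))?&quot;.*$">
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;[iI]RMC(?:@(IRMC[0-9a-fA-F]{6}))?&quot;">
  <description>Fujitsu Siemens Primergy with BMC RemoteView on an iRMC card</description>
  <example host.name="IRMCA0EC88">Digest realm="iRMC@IRMCA0EC88", qop="auth", nonce="d569ace4-00029040", opaque="29040", stale="FALSE"</example>
  <param pos="0" name="service.vendor" value="Fujitsu Siemens"/>
@@ -566,6 +593,75 @@
  <param pos="1" name="host.name"/>
  </fingerprint>
 
+ <fingerprint pattern="^(?:Basic|Digest) realm=&quot;DELL \| SonicWALL SonicPoint">
+ <description>SonicWall SonicPoint (non-specific)</description>
+ <example>Basic realm="DELL | SonicWALL SonicPoint ACe/ACi/N2"</example>
+ <param pos="0" name="os.vendor" value="SonicWall"/>
+ <param pos="0" name="os.device" value="WAP"/>
+ <param pos="0" name="os.product" value="SonicOS"/>
+ <param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
+ <param pos="0" name="hw.vendor" value="SonicWall"/>
+ <param pos="0" name="hw.product" value="SonicPoint"/>
+ </fingerprint>
+
+ <fingerprint pattern="(?i)^(?:Basic|Digest).*realm=&quot;rokudev&quot;">
+ <description>Roku Streaming Device</description>
+ <example>Digest qop="auth", realm="rokudev", nonce="1111111111"</example>
+ <param pos="0" name="hw.vendor" value="Roku"/>
+ <param pos="0" name="hw.device" value="Media Server"/>
+ </fingerprint>
+
+ <fingerprint pattern="(?i)^Basic realm=&quot;System Setup&quot;">
+ <description>Patton DSL Router</description>
+ <example>Basic realm="System Setup"</example>
+ <param pos="0" name="hw.vendor" value="Patton"/>
+ <param pos="0" name="hw.device" value="Router"/>
+ <param pos="0" name="hw.product" value="SHDSL Router"/>
+ <param pos="0" name="hw.certainty" value="0.50"/>
+ </fingerprint>
+
+ <fingerprint pattern="(?i)^Digest realm=&quot;Login to ND[0-9]{3,20}&quot;, nonce=">
+ <description>Lorex NR900 Series DVR</description>
+ <example>Digest realm="Login to ND011811000000", nonce="ec3682ef24b2cd9cedefe5cc26110000"</example>
+ <param pos="0" name="hw.vendor" value="Lorex"/>
+ <param pos="0" name="hw.device" value="DVR"/>
+ <param pos="0" name="hw.product" value="NR900"/>
+ <param pos="0" name="hw.certainty" value="0.50"/>
+ </fingerprint>
+
+ <fingerprint pattern="(?i)^Basic realm=&quot;the Access Point&quot;">
+ <description>Psion Teklogix</description>
+ <example>Basic realm="the Access Point"</example>
+ <param pos="0" name="hw.vendor" value="Psion Teklogix"/>
+ <param pos="0" name="hw.device" value="Network Appliance"/>
+ <param pos="0" name="hw.product" value="CommServer"/>
+ </fingerprint>
+
+ <fingerprint pattern="(?i)^Digest realm=&quot;Use 'live' as User Name">
+ <description>Bosch AutoDome IP Camera</description>
+ <example>Digest realm="Use 'live' as User Name",nonce="18e62d241a5358a9650640fa72c1773c",opaque="",stale=FALSE,algorithm=MD5</example>
+ <example>Digest realm="Use 'live' as User Name in order to log in to the respective level",nonce="2e6007092c2b28af7e2516b80b5b4f95",opaque="",stale=FALSE,algorithm=MD5,qop="auth"</example>
+ <param pos="0" name="hw.vendor" value="Bosch"/>
+ <param pos="0" name="hw.device" value="Web Cam"/>
+ <param pos="0" name="hw.product" value="AutoDome"/>
+ <param pos="0" name="hw.certainty" value="0.50"/>
+ </fingerprint>
+
+ <fingerprint pattern="(?i)^Basic realm=&quot;Shelly&quot;">
+ <description>Shelly Smart Device</description>
+ <example>Basic realm="Shelly"</example>
+ <param pos="0" name="hw.vendor" value="Shelly"/>
+ <param pos="0" name="hw.device" value="Device"/>
+ </fingerprint>
+
+ <fingerprint pattern="(?i)^Basic realm=&quot;Eurotherm&quot;">
+ <description>Schneider Electric Eurotherm Device</description>
+ <example>Basic realm="Eurotherm"</example>
+ <param pos="0" name="hw.vendor" value="Schneider Electric"/>
+ <param pos="0" name="hw.device" value="Device"/>
+ <param pos="0" name="hw.family" value="Eurotherm"/>
+ </fingerprint>
+
  <!-- a variety of headers we currently just ignore -->
 
  <fingerprint pattern="(?i)^NTLM$">
@@ -594,13 +690,13 @@
  <example>Basic realm="index.html"</example>
  </fingerprint>
 
- <fingerprint pattern="^(?:Basic|Digest) .*realm=&quot;(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)&quot;.*$">
+ <fingerprint pattern="^(?:Basic|Digest) .*realm=&quot;(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)&quot;">
  <description>Ignore realms with an IPv4 address</description>
  <example>Basic realm="192.168.0.1"</example>
  <example>Digest qop="auth", realm="172.16.0.1", nonce="AAAAAAAAAAAAAP//DwHpM0IvM78=", algorithm="MD5"</example>
  </fingerprint>
 
- <fingerprint pattern="^(?:Basic|Digest) .*realm=&quot;config&quot;.*$">
+ <fingerprint pattern="^(?:Basic|Digest) .*realm=&quot;config&quot;">
  <description>Ignore generic 'config' realms</description>
  <example>Digest realm="config", nonce="1155041914", algorithm="MD5", qop="auth"</example>
  </fingerprint>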
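Review bot: In the `@@ -566,6 +593,75 @@` hunk the new realm-only fingerprints are inconsistent about confidence: the `System Setup`, `Login to ND…` and `Use 'live' as User Name` entries carry `<param pos="0" name="hw.certainty" value="0.50"/>`, but `the Access Point` (Psion Teklogix), `Shelly` and `Eurotherm` assert a vendor with no certainty param, although at least the first of those realm strings looks just as generic. These values presumably feed asset inventory and CPE-based vulnerability correlation, so a wrong vendor attribution is worth marking down; I would add the same `hw.certainty` param to the Psion Teklogix entry unless the realm is known to be unique to that product. Separately, the Monit fingerprint in the first hunk has `<description>Minot</description>`, which should read `<description>Monit</description>`.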
data/xml/imap_banners.xml CHANGED
@@ -47,7 +47,7 @@
47
47
  <param pos="2" name="host.name"/>
48
48
  </fingerprint>
49
49
 
50
- <fingerprint pattern="^Der Microsoft Exchange Server 2003 IMAP4rev1-Server, Version (6\.5\.\d{4}\.\d+) \((.*)\),.*$">
50
+ <fingerprint pattern="^Der Microsoft Exchange Server 2003 IMAP4rev1-Server, Version (6\.5\.\d{4}\.\d+) \((.*)\),">
51
51
  <description>Microsoft Exchange Server 2003, German</description>
52
52
  <example service.version="6.5.7638.1" host.name="foo.bar">Der Microsoft Exchange Server 2003 IMAP4rev1-Server, Version 6.5.7638.1 (foo.bar), steht zur Verfgung.</example>
53
53
  <param pos="0" name="service.vendor" value="Microsoft"/>
@@ -166,7 +166,7 @@
166
166
  <param pos="0" name="service.product" value="Courier IMAP"/>
167
167
  </fingerprint>
168
168
 
169
- <fingerprint pattern="^(\S+) CallPilot IMAP4rev1 v(\S+) server ready\.?$">
169
+ <fingerprint pattern="^(\S{1,512}) CallPilot IMAP4rev1 v(\S+) server ready\.?$">
170
170
  <description>Nortel CallPilot</description>
171
171
  <example>nottest.localdomain CallPilot IMAP4rev1 v42.02.05.22 server ready.</example>
172
172
  <example>test.localdomain CallPilot IMAP4rev1 v43.03.19.22 server ready.</example>
@@ -177,7 +177,7 @@
177
177
  <param pos="1" name="host.name"/>
178
178
  </fingerprint>
179
179
 
180
- <fingerprint pattern="^(\S+) Zimbra IMAP4rev1 server ready\.?$">
180
+ <fingerprint pattern="^(\S{1,512}) Zimbra IMAP4rev1 server ready\.?$">
181
181
  <description>VMware Zimbra IMAP</description>
182
182
  <example host.name="foo.bar">foo.bar Zimbra IMAP4rev1 server ready</example>
183
183
  <param pos="0" name="service.vendor" value="VMware"/>
@@ -186,7 +186,7 @@
186
186
  <param pos="1" name="host.name"/>
187
187
  </fingerprint>
188
188
 
189
- <fingerprint pattern="^(\S+) Zimbra (\S+) IMAP4rev1 server ready\.?$">
189
+ <fingerprint pattern="^(\S{1,512}) Zimbra (\S+) IMAP4rev1 server ready\.?$">
190
190
  <description>VMware Zimbra IMAP with service version</description>
191
191
  <example host.name="foo.bar" service.version="7.0.0_GA_3079">foo.bar Zimbra 7.0.0_GA_3079 IMAP4rev1 server ready</example>
192
192
  <param pos="0" name="service.vendor" value="VMware"/>
@@ -196,7 +196,7 @@
196
196
  <param pos="1" name="host.name"/>
197
197
  </fingerprint>
198
198
 
199
- <fingerprint pattern="^(.+) Cyrus IMAP4 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready$">
199
+ <fingerprint pattern="^(\S{1,512}) Cyrus IMAP4 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready$">
200
200
  <description>CMU Cyrus IMAP on Mac OS X</description>
201
201
  <example host.name="example.com" service.version="2.2.12" os.version="10.4.0">example.com Cyrus IMAP4 v2.2.12-OS X 10.4.0 server ready</example>
202
202
  <example host.name="example.com" service.version="2.3.8" os.version="10.5">example.com Cyrus IMAP4 v2.3.8-OS X Server 10.5: 9A562 server ready</example>
@@ -213,7 +213,7 @@
213
213
  <param pos="1" name="host.name"/>
214
214
  </fingerprint>
215
215
 
216
- <fingerprint pattern="^(.+) Cyrus IMAP4? (?:\S+ )?v(\d+\.\d+.*) server ready$">
216
+ <fingerprint pattern="^(\S{1,512}) Cyrus IMAP4? (?:\S+ )?v(\d+\.\d+.*) server ready$">
217
217
  <description>CMU Cyrus IMAP</description>
218
218
  <example host.name="example.com" service.version="2.3.7">example.com Cyrus IMAP4 v2.3.7 server ready</example>
219
219
  <example host.name="example.com" service.version="2.4.8-Invoca-RPM-2.4.8-1">example.com Cyrus IMAP Murder v2.4.8-Invoca-RPM-2.4.8-1 server ready</example>
@@ -253,7 +253,7 @@
253
253
  // * OK xxx PMDF IMAP4rev1 V6.0-24 (Message store V6.0-24)
254
254
  // * OK xxx PMDF IMAP4rev1 V6.0-9
255
255
  IMAP_FP_PARSERS[5] = new PatternParser(
256
- "^([^\\s]+) PMDF IMAP4rev1 V([^\\s]+).*$");
256
+ "^([^\\s]+) PMDF IMAP4rev1 V([^\\s]+)");
257
257
  IMAP_FP_PARSERS[5].addConstantParam("product", "PMDF");
258
258
  IMAP_FP_PARSERS[5].addParamSpec(1, "hostname");
259
259
  IMAP_FP_PARSERS[5].addParamSpec(2, "version");
@@ -265,7 +265,7 @@
265
265
  IMAP_FP_PARSERS[6].addParamSpec(2, "server-time");
266
266
  // Eudora Internet Mail Server
267
267
  IMAP_FP_PARSERS[7] = new PatternParser(
268
- "^Eudora Internet Mail Server (.*) .*$");
268
+ "^Eudora Internet Mail Server (.*) ");
269
269
  IMAP_FP_PARSERS[7].addConstantParam("product", "eudoraims");
270
270
  IMAP_FP_PARSERS[7].addParamSpec(1, "version");
271
271
  // Eudora Qualcomm WorldMail
@@ -365,6 +365,7 @@
365
365
  </example>
366
366
  <param pos="0" name="service.vendor" value="Kerio"/>
367
367
  <param pos="0" name="service.product" value="Connect"/>
368
+ <param pos="0" name="service.cpe23" value="cpe:/a:kerio:connect:-"/>
368
369
  </fingerprint>
369
370
 
370
371
  <fingerprint pattern="(?im:vmwPlatformServicesControllerVersion1.\x04.(\d\.\d\.\d)0.)">
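Review bot: The two Cyrus patterns in the `@@ -196,7 +196,7 @@` and `@@ -213,7 +213,7 @@` hunks still have unbounded wildcards, because the new `\S{1,512}` bound covers only the hostname capture. The version group `(\d+\.\d+.*)` and the later `.*` before ` server ready$` overlap, so a long banner that never satisfies the `$` anchor can still cause super-linear backtracking in a backtracking regex engine. Banners are supplied by the remote service being fingerprinted, so I would bound these wildcards too, for example `.{0,256}` in place of each `.*`, in the same way this commit uses `.{0,1000}` in http_wwwauth.xml. The `<fingerprint>` elements continue outside the hunks, so their remaining params are not visible here.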